PRIVACY POLICY

PURPOSE OF THE PROCESSING FOR WHICH THE DATA ARE INTENDED

The personal data are processed for the purposes closely related and essential to the provision of Impact S.p.A.’s services.
In particular, provide users with access to the "eventobcp.bper.it" website to confirm or not their participation in the "We Are Dynamic 2025" event in Milan on 29 January 2025.

The Data Subject’s personal data collected for the abovementioned purposes are not used by Impact S.p.A. for marketing, commercial or promotional purposes.

DATA SUBJECT'S RIGHTS

With relation to the provided personal data, the Data Subject can exercise the following rights guaranteed by the Regulation:

a) access right;
b) right to rectification, modification and cancellation of personal data or the right of restriction of the processing of the former;
c) right to object the processing;
d) right to withdraw the consent;
e) right to send a complaint to the competent Supervisory Authority;
f) right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format.

1. The data subject shall have the right to obtain from the controller/processor the erasure of personal data concerning him or her without undue delay and the controller/processor shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

2. Where the controller/processor has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller/processor, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers/processors which are processing the personal data that the data subject has requested the erasure by such controllers/processors of any links to, or copy or replication of, those personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller/processor is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health;
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
(e) for the establishment, exercise or defence of legal claims.

DATA SUBJECT'S RIGHT - COMPLAINT TO THE CONTROLLING AUTHORITY

We remind you that you have the right to apply to the Data Protection Authority for the protection of personal data (Piazza di Monte Citorio n. 121, 00186 ROMA), in order to assert your rights in relation to the processing of personal data.

The data controller, pursuant to Article 24 of the GDPR, is BPER Banca S.p.A., with registered office and head office in Via San Carlo, 8/20, 41121 Modena.

The data controller can be contacted for requests or reports at the following address: dpo.gruppobper@bper.it